hxxp://www[.]dhwsmw[.]com/

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.dhwsmw.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
756	msedge.exe
756	msedge.exe
2024	identity_helper.exe
2024	identity_helper.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2132	756	msedge.exe	83
PID 756 wrote to memory of 2132	756	msedge.exe	83
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4364	756	msedge.exe	85
PID 756 wrote to memory of 4144	756	msedge.exe	84
PID 756 wrote to memory of 4144	756	msedge.exe	84
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86
PID 756 wrote to memory of 4864	756	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dhwsmw.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3ad246f8,0x7ffc3ad24708,0x7ffc3ad24718
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5046801262527621172,4570884755282602179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
33be13a7827573e0eb93b6aaad64c2ae

SHA1
06e97240d9df60a60d1a2d96de2d8c013c13b6e4

SHA256
8a66927da8d6bc0aa46f6a490c2919eb1d41e485cc483795d3388d7ef7b36630

SHA512
6952ba2244b594a170495455986ddb6a4d8524210afd3788a16183b1a852ddd0c397bae944ffb98e07bb4cf69d539d08027abdca43131642e0f9affdfd8ccdcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d297803e6fcc0f303c44a8aa33f713f

SHA1
a2954f763b2566047dafecbc8e4de9980982f12f

SHA256
a995e940eafa490ae2f5205d10321212c0c5b669c98d987ad548a322e67ab379

SHA512
de019ee0096f20d40a16f14d103de3f3d14f5a561308a89cc1d13c1687109839552d9a0a40e80daa094387362f2786ccb93b7955e94a3f3ea5b7e39a2bf64332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4c40be21852a5b4809436c8f3c01e06

SHA1
ab60973fe2747d9e18a9496e3172bc0d8b189307

SHA256
165ab05826daab22a9648e7c0cb2e4b454a4641596806932cebbd5d6a5b8908e

SHA512
529d94b5882eeff05f9f9817e5f1a83968c0458cf90da6ad0ceee28e09706dec3c63041df64d90bd4b008ad997f82b419b98bf78e59ed9d0bd898e734fe02203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a275ae0f77f9e27c7a25403b2cce229b

SHA1
f6e9468c1db10c0b1d32403019f71c2dccf51d71

SHA256
4873bc4086adb2f963d3aacabe0495e3ba3cc3380e252b75fb463f6bf91bc899

SHA512
0cccf6ea8157e092cb01fc6aee7d0252a66da3202b77cfdce74a974483140fea11c093352424c1052cdc4dc55da7f607906a42c72185671698160ba74a65b439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4516e97b12616dc5288dc24d6f15438e

SHA1
6809b2b729f9a89fa2c342abe8123ec4d760de1e

SHA256
0f8b2ead33d8ec0635daf97003e6113eb652f3ec32496c9d74ede62737c095cd

SHA512
de476b7840c83ca20fb4eaebc255f9768d31413d555a36038e6ac9bd5665dddb7bbf42e36ef47bc6707cc562fe860202d906cdd9217875a29c6737b951d620fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
d51071d6e1b45626bd1ca081fe5266e3

SHA1
27c307e00e375cfa4a5178c73edb74557714a4af

SHA256
1b948edae25f266184ba825f73222d0bf85edb154b1c03d2c8e30a0ca1ac1f45

SHA512
a60973d674680dd2a2753a437d0aa5f23ddf195faabfc2f4d89f10d8fdabf7188b8ddf5dbd69f162a55c5b2b491468630ad60f0933179f39b030758b300c9996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc68.TMP

Filesize
697B

MD5
4e59448f8d8e8df2d1f8b33b5df3c446

SHA1
0513bc43cfec91007b7f1a07d059f3d54b84a053

SHA256
82dffe5736635971d955cfaa5cb6f5f84addc2df23393c8ba81f6e6059cc3fdc

SHA512
322a0b97b64b6e6a430592279046d8d3a2dd91e4ccc592417083b2b85028719457e94ac4ca7a5828c47d660ee5ff12a676196ee31d2f80574923ff38dcf2336d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a48c5f5042702b0911f3426f63d3baae

SHA1
d57b29148f3c43b8b140b0842478374d295aa549

SHA256
db83aed7118a66af4b4bedfc884ae6d5ebf3c9e2f01475a9b6cc9714a6517d52

SHA512
145d913e75465ba1c623140f39e6ddbf92be4e1cb94440230c6a03335b5aee271275522a3594ec4f0d10e0bd420267c2a7654e664c6266410ae462c5eead994b

Download Submit